Re: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

2014-02-24 Thread Nick Coghlan
On 25 February 2014 17:39, Christian Heimes wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi, > > this looks pretty serious -- and it caught me off guard, too. :( > > https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/ > > Next time please i

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Stuart Bishop
On 23 February 2014 08:56, Ethan Furman wrote: > ``%a`` will call :func:``ascii()`` on the interpolated value's > :func:``repr()``. > This is intended as a debugging aid, rather than something that should be > used > in production. Non-ascii values will be encoded to either ``\xnn`` or > ``\unnn

[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

2014-02-24 Thread Christian Heimes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, this looks pretty serious -- and it caught me off guard, too. :( https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/ Next time please inform the Python Security Response Team about any and all issues tha

Re: [Python-Dev] PEP 463: Exception-catching expressions

2014-02-24 Thread Chris Angelico
On Tue, Feb 25, 2014 at 11:27 AM, Jim J. Jewett wrote: > This also makes me wonder whether the cost of a subscope > (for exception capture) could be limited to when an > exception actually occurs, and whether that might lower > the cost enough to make the it a good tradeoff. > > def myfunc1(a,

Re: [Python-Dev] PEP 463: Exception-catching expressions

2014-02-24 Thread Jim J. Jewett
Greg Ewing suggested: >> This version might be more readable: >> >> value = lst[2] except "No value" if IndexError Ethan Furman asked: > It does read nicely, and is fine for the single, non-nested, case > (which is probably the vast majority), but how would > it handle nested exceptions?

Re: [Python-Dev] PEP 463: Exception-catching expressions

2014-02-24 Thread Jim J. Jewett
Yury Selivanov wrote: > I think the Motivation section is pretty weak. I have normally wished for this when I was (semi- interactively) exploring a weakly structured dataset. Often, I start with a string, split it into something hopefully like records, and then start applying filters and tran

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Ethan Furman
On 02/24/2014 02:33 PM, Nick Coghlan wrote: Allowing %a also improves the consistency with text interpolation. In the case of %r, the inconsistency is based on needing to disallow arbitrary Unicode code points in the result and not wanting to redefine %r as a second way to spell %a. There's no

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Antoine Pitrou
On Tue, 25 Feb 2014 08:33:53 +1000 Nick Coghlan wrote: > As far as use cases go, as someone else mentioned, the main one is likely > to be binary logging and error reporting formats, as it becomes a quick and > easy way to embed a backslash escaped string. That's a fringe use case, though. Also,

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Nick Coghlan
On 25 Feb 2014 05:44, "Antoine Pitrou" wrote: > > On Mon, 24 Feb 2014 10:40:46 -0800 > Ethan Furman wrote: > > > Okay, types corrected, most comments taken into account. > > > > %b is right out, %a is still suffering scrutiny. > > > > The arguments seem to boil down to: > > > > We don't need it.

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Victor Stinner
2014-02-24 22:08 GMT+01:00 Jim J. Jewett : >>> Will ascii() ever emit an antislash representation? Sorry, it's chr(0x10): >>> print(ascii(chr(0x10))) '\U0010' Victor ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Jim J. Jewett
Victor Stinner wrote: >> Will ascii() ever emit an antislash representation? > Try ascii(chr(0x1f)). In which version? I get: ValueError: chr() arg not in range(0x11) > How do you plan to use this output? Write it into a socket or a file? > When I debug, I use print & logging w

Re: [Python-Dev] PEP 463: Exception-catching expressions

2014-02-24 Thread Rob Cliffe
On 22/02/2014 02:08, Glenn Linderman wrote: On 2/21/2014 5:06 PM, Jan Kaliszewski wrote: Or even (still being my favorite): msg = seq[i] except (IndexError: "nothing") This syntax actually has a benefit: the parenthesized syntax after except could become a list, to allow handling diffe

Re: [Python-Dev] PEP 463: Exception-catching expressions

2014-02-24 Thread Rob Cliffe
On 21/02/2014 23:36, Ethan Furman wrote: On 02/21/2014 02:26 PM, Eric V. Smith wrote: On 2/21/2014 5:06 PM, Greg Ewing wrote: On 21 February 2014 13:15, Chris Angelico wrote: Generator expressions require parentheses, unless they would be strictly redundant. Ambiguities with except expressi

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Ethan Furman
On 02/24/2014 11:54 AM, Mark Lawrence wrote: On 24/02/2014 18:40, Ethan Furman wrote: So, any last thoughts about %a? I placed it under your nose https://mail.python.org/pipermail/python-dev/2014-January/131636.html but personally I wouldn't lose any sleep whether it stays or goes. So you

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Mark Lawrence
On 24/02/2014 18:40, Ethan Furman wrote: Okay, types corrected, most comments taken into account. %b is right out, %a is still suffering scrutiny. The arguments seem to boil down to: We don't need it. vs Somebody might, and it's better than having them inappropriately add a __bytes__ method

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Antoine Pitrou
On Mon, 24 Feb 2014 10:40:46 -0800 Ethan Furman wrote: > Okay, types corrected, most comments taken into account. > > %b is right out, %a is still suffering scrutiny. > > The arguments seem to boil down to: > > We don't need it. > > vs > > Somebody might, and it's better than having them ina

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Glenn Linderman
On 2/24/2014 10:40 AM, Ethan Furman wrote: Somebody might, and it's better than having them inappropriately add a __bytes__ method if we don't have it. I'll admit my first thought on reading the initial discussions about adding bytes % formatting was "Oh, if I want to display custom objects

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Ethan Furman
Okay, types corrected, most comments taken into account. %b is right out, %a is still suffering scrutiny. The arguments seem to boil down to: We don't need it. vs Somebody might, and it's better than having them inappropriately add a __bytes__ method if we don't have it. "We don't need it"

Re: [Python-Dev] PEP 463: Exception-catching expressions

2014-02-24 Thread Rob Cliffe
Some of your points have been answered by others, I'll try to avoid repetition. On 21/02/2014 19:04, Yury Selivanov wrote: [snip] Inconvenience of dict[] raising KeyError was solved by introducing the dict.get() method. And I think that dct.get('a', 'b') is 1000 times better than dct['a'] e

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Antoine Pitrou
On Mon, 24 Feb 2014 09:58:30 -0800 Ethan Furman wrote: > On 02/24/2014 09:43 AM, Antoine Pitrou wrote: > > On Mon, 24 Feb 2014 09:15:29 -0800 > > Ethan Furman wrote: > >> On 02/23/2014 02:54 PM, Nick Coghlan wrote: > >>> > >>> It's a harm containment tactic, based on the assumption people *will*

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Ethan Furman
On 02/24/2014 09:43 AM, Antoine Pitrou wrote: On Mon, 24 Feb 2014 09:15:29 -0800 Ethan Furman wrote: On 02/23/2014 02:54 PM, Nick Coghlan wrote: It's a harm containment tactic, based on the assumption people *will* want to include the output of ascii() in binary protocols containing ASCII s

Re: [Python-Dev] PEP 463: Exception-catching expressions

2014-02-24 Thread Rob Cliffe
On 22/02/2014 21:26, Tim Delaney wrote: On 23 February 2014 02:29, Nick Coghlan > wrote: On 22 Feb 2014 22:15, "Stephen J. Turnbull" mailto:step...@xemacs.org>> wrote: > Antoine Pitrou writes: > > Chris Angelico mailto:ros...@gmail.com>> wrote:

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Antoine Pitrou
On Mon, 24 Feb 2014 09:15:29 -0800 Ethan Furman wrote: > On 02/23/2014 02:54 PM, Nick Coghlan wrote: > > > > It's a harm containment tactic, based on the assumption people *will* > > want to include the output of ascii() in binary protocols containing > > ASCII segments, regardless of whether or

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Ethan Furman
On 02/23/2014 02:54 PM, Nick Coghlan wrote: It's a harm containment tactic, based on the assumption people *will* want to include the output of ascii() in binary protocols containing ASCII segments, regardless of whether or not we consider their reasons for doing so to be particularly good. O

Re: [Python-Dev] PEP 461: Adding % formatting to bytes and bytearray -- Final, Take 2

2014-02-24 Thread Victor Stinner
2014-02-24 3:45 GMT+01:00 Nick Coghlan : > Would leaving %a out destroy the utility of the PEP? Usually, debug code is not even commited. So writing b'var=%s' % ascii(var).encode() is not hard. Or maybe: b'var=%s' % repr(var).encode('ascii', 'backslashreplace') which is the same but longer :-) V